July 13, 2010

Capturing SSH Keystrokes

I have been looking into the final element of this project – methods and techniques to capture and record keystrokes within an SSH tunnel. The various methods I’ve found were kernel modules (similar to the Sebek approach), hacking OpenSSH to record keystrokes to a file on the filesystem, hacking bash to record keystrokes, or using a program like tee, logger or script to capture everything by having it launch automatically from /etc/profile, ~/.profile or something similar.

In order to try to retain the security of the iPhone and ensure the data collected isn’t tampered with, I’d like to somehow use syslog or syslog-ng to log everything to a remote host in real time using UDP. To do this, I ran a quick test on my MacBook using tee, which worked quite well, and wrote a quick and dirty script to add to /etc/profile which logs everything to syslog, which can then be sent to a remote host.

This is promising. By replacing syslogd with syslog-ng I can easily whip up a config file to relay everything over to a remote host on the network. I have also looked into getting syslog-ng on the iPhone. This may be possible using cross-compiling for the iPhone architecture. I’ll have to look into this further. In the meantime, I’ve picked up a spare phone so I can use the iPhone for the project when everything is redirected from the router. I have to run a test to ensure Wi-Fi works when the SIM card is removed from the phone. I have been told otherwise, but this requires testing.
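The receiving side of the remote-logging idea above, as an added example that is not code from this blog or project: it parses BSD-syslog (RFC 3164) datagrams on the remote host and stores them in a hash chain so later edits to stored records are detectable. The host name `iphone`, the tag `sshlog` and the sample lines are constructed assumptions.

```python
import hashlib
import re

# RFC 3164 (BSD syslog) payload: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$",
    re.DOTALL,
)
GENESIS = "0" * 64  # starting value of the chain

def parse_datagram(data: bytes):
    """Parse one UDP syslog payload; return None if it is malformed."""
    m = SYSLOG_RE.match(data.decode("utf-8", errors="replace").rstrip("\n"))
    if not m or int(m["pri"]) > 191:      # PRI = facility * 8 + severity, max 191
        return None
    pri = int(m["pri"])
    return {"facility": pri >> 3, "severity": pri & 7, "ts": m["ts"],
            "host": m["host"], "tag": m["tag"], "msg": m["msg"]}

class ChainedLog:
    """Append-only store; each digest covers the previous digest and the raw line."""
    def __init__(self):
        self.entries = []                 # list of (raw_bytes, hex_digest)
        self.head = GENESIS

    def append(self, raw: bytes):
        self.head = hashlib.sha256(bytes.fromhex(self.head) + raw).hexdigest()
        self.entries.append((raw, self.head))

    def verify(self):
        """Return the index of the first entry breaking the chain, or -1 if intact."""
        prev = GENESIS
        for i, (raw, digest) in enumerate(self.entries):
            if hashlib.sha256(bytes.fromhex(prev) + raw).hexdigest() != digest:
                return i
            prev = digest
        return -1

# Constructed sample datagrams, shaped like logger(1) output (user.notice = PRI 13).
SAMPLE = [
    b"<13>Jul 13 10:02:11 iphone sshlog: uname -a",
    b"<13>Jul 13 10:02:15 iphone sshlog[412]: cat /etc/passwd",
    b"not a syslog line",
]

def ingest(datagrams):
    """Store well-formed datagrams in the chain; drop malformed ones."""
    log, parsed = ChainedLog(), []
    for d in datagrams:
        rec = parse_datagram(d)
        if rec:
            log.append(d)
            parsed.append(rec)
    return log, parsed
```

The chain only proves integrity if the latest `head` digest is kept somewhere the collector's own users cannot rewrite. UDP syslog gives no delivery guarantee and no sender authentication, so lost or spoofed datagrams are not detected by this check.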

Alan Neville, Bio

Dia Guit. My name is Alan Neville. I am currently sitting a Master’s (M.Sc.) programme in Dublin City University (DCU) focused around Security and Forensics in Computing. This blog has been created to host various bits and pieces I come across in relation to my thesis.